Abstract image of a woman sitting on books and studying on a laptop

Ethical hacking

Download as PPT, PDF
S
sumanth1201

The document discusses ethical hacking, which involves legally testing a system's security vulnerabilities to improve security. It outlines the ethical hacking process, including preparation, footprinting, enumeration and fingerprinting, vulnerability identification, and exploiting vulnerabilities. The goal is to find weaknesses without causing harm in order to help organizations strengthen their defenses.

EducationTechnology
1 of 21
Downloaded 159 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Ethical Hacking
Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting
What is Ethical Hacking Ethical Hacking Conforming to accepted professional standards of conduct Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
What is Ethical Hacking It is Legal Permission is obtained from the target Part of an overall security program Identify vulnerabilities visible from Internet at particular point of time Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
Why – Ethical Hacking Source: CERT-India January - 2005 Defacement Statistics for Indian Websites 1131 Total 13 other 2 .edu 2 .nic.in 3 .info 13 .ac.in 48 .co.in 12 .biz 39 .net 53 .org 24 .gov.in 922 .com No of Defacements Domains June 01, 2004 to Dec.31, 2004
Why – Ethical Hacking Source: CERT/CC Total Number of Incidents Incidents
Why – Ethical Hacking Source: US - CERT
Why – Ethical Hacking Protection from possible External Attacks Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data
Ethical Hacking - Process Preparation Footprinting Enumeration & Fingerprinting Identification of Vulnerabilities Attack – Exploit the Vulnerabilities
Preparation Identification of Targets – company websites, mail servers, extranets, etc. Signing of Contract Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing
Footprinting Collecting as much information about the target DNS Servers IP Ranges Administrative Contacts Problems revealed by administrators Information Sources Search engines Forums Databases – whois, ripe, arin, apnic Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
Enumeration & Fingerprinting Specific targets determined Identification of Services / open ports Operating System Enumeration Methods Banner grabbing Responses to various protocol (ICMP &TCP) commands Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
Identification of Vulnerabilities Vulnerabilities Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating systems, applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control
Identification of Vulnerabilities Methods Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic Insecure Programming – SQL Injection, Listening to Traffic Weak Access Control – Using the Application Logic, SQL Injection
Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites Common Vulnerabilities & Exposures – http://cve.mitre.org Bugtraq – www.securityfocus.com Other Vendor Websites
Attack – Exploit the vulnerabilities Obtain as much information (trophies) from the Target Asset Gaining Normal Access Escalation of privileges Obtaining access to other connected systems Last Ditch Effort – Denial of Service
Attack – Exploit the vulnerabilities Network Infrastructure Attacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security
Attack – Exploit the vulnerabilities Application Specific Attacks Exploiting implementations of HTTP, SMTP protocols Gaining access to application Databases SQL Injection Spamming
Attack – Exploit the vulnerabilities Exploits Free exploits from Hacker Websites Customised free exploits Internally Developed Tools – Nessus, Metasploit Framework,
Reporting Methodology Exploited Conditions & Vulnerabilities that could not be exploited Proof for Exploits - Trophies Practical Security solutions
Ethical Hacking - Commandments Working Ethically Trustworthiness Misuse for personal gain Respecting Privacy Not Crashing the Systems

More Related Content

PPT
Ethical hacking by shivam
Shivam Ðreamchazer
 
PPT
Ethical hacking
Meghal Murkute
 
PPT
Ethical hacking-ppt-download4575
Gopal Rathod
 
PPTX
Lecture 10 intruders
rajakhurram
 
ODP
Network Security Topic 1 intro
Khawar Nehal khawar.nehal@atrc.net.pk
 
PPTX
why security is needed
sourov_das
 
PPTX
CS8792 - Cryptography and Network Security
vishnukp34
 
PPTX
Security
chian417
 
Ethical hacking by shivam
Shivam Ðreamchazer
 
Ethical hacking
Meghal Murkute
 
Ethical hacking-ppt-download4575
Gopal Rathod
 
Lecture 10 intruders
rajakhurram
 
Network Security Topic 1 intro
Khawar Nehal khawar.nehal@atrc.net.pk
 
why security is needed
sourov_das
 
CS8792 - Cryptography and Network Security
vishnukp34
 
Security
chian417
 

What's hot (18)

PDF
Hacking and Ethical Hacking
Masih Karimi
 
PPT
Intruders
techn
 
PPTX
Intruders detection
Ehtisham Ali
 
PPT
Ch04 Network Vulnerabilities and Attacks
Information Technology
 
PPTX
Covert channels: A Window of Data Exfiltration Opportunities
Joel Aleburu
 
PPTX
Virus and hacker (2)mmm
andynova
 
PPTX
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
festival ICT 2016
 
PDF
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
RootedCON
 
PPTX
Advanced persistent threat (apt)
mmubashirkhan
 
PDF
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
Edureka!
 
PPT
Lect13 security
Umang Gupta
 
PDF
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Falgun Rathod
 
PPTX
Incident Response: Validation, Containment & Forensics
Priyanka Aash
 
PPTX
Ethical hacking introduction to ethical hacking
MissStevenson1
 
PPT
Ethical hacking
kawsarahmedchoudhuryzzz
 
PPTX
Types of Malware (CEH v11)
EC-Council
 
PDF
Ethical hacking
Mohammad Affan
 
PDF
Certified Ethical Hacking - Book Summary
udemy course
 
Hacking and Ethical Hacking
Masih Karimi
 
Intruders
techn
 
Intruders detection
Ehtisham Ali
 
Ch04 Network Vulnerabilities and Attacks
Information Technology
 
Covert channels: A Window of Data Exfiltration Opportunities
Joel Aleburu
 
Virus and hacker (2)mmm
andynova
 
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
festival ICT 2016
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
RootedCON
 
Advanced persistent threat (apt)
mmubashirkhan
 
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
Edureka!
 
Lect13 security
Umang Gupta
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Falgun Rathod
 
Incident Response: Validation, Containment & Forensics
Priyanka Aash
 
Ethical hacking introduction to ethical hacking
MissStevenson1
 
Ethical hacking
kawsarahmedchoudhuryzzz
 
Types of Malware (CEH v11)
EC-Council
 
Ethical hacking
Mohammad Affan
 
Certified Ethical Hacking - Book Summary
udemy course
 

Similar to Ethical hacking (20)

PPT
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
champubhaiya8
 
PPT
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
ssuserde23af
 
PPT
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
PPT
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
PPTX
Ethical Hacking basics ppt, all types hacking
devakiashi
 
PPTX
ethical hacking
Neelima Bawa
 
PPTX
Presentation1
Abhishek Malhotra
 
PPT
Ethical Hacking
Rohan Raj
 
PPTX
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
PPTX
Ethical System Hacking- Cyber Training Diploma
begmohsin
 
PPT
Ethical Hacking
Keith Brooks
 
PPT
Ethical hacking
Sourabh Badve
 
PPT
The Role of Security and Penetration Testers
yasirabdullah15
 
PPT
Foot printing and Reconnaissance Techniques
yasirabdullah15
 
PPTX
PPT SARTHAK. for the better use of the technology
GauriMehra5
 
PPT
Hackers
yozusaki
 
PPT
Hackers
guesta04f59b
 
PPT
Hackers
Alvaro Cipriano
 
PDF
Hacking.pdf
Ambuj Sharma
 
PDF
ISACA Ethical Hacking Presentation 10/2011
Xavier Mertens
 
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
champubhaiya8
 
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
ssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
Ethical Hacking basics ppt, all types hacking
devakiashi
 
ethical hacking
Neelima Bawa
 
Presentation1
Abhishek Malhotra
 
Ethical Hacking
Rohan Raj
 
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
Ethical System Hacking- Cyber Training Diploma
begmohsin
 
Ethical Hacking
Keith Brooks
 
Ethical hacking
Sourabh Badve
 
The Role of Security and Penetration Testers
yasirabdullah15
 
Foot printing and Reconnaissance Techniques
yasirabdullah15
 
PPT SARTHAK. for the better use of the technology
GauriMehra5
 
Hackers
yozusaki
 
Hackers
guesta04f59b
 
Hackers
Alvaro Cipriano
 
Hacking.pdf
Ambuj Sharma
 
ISACA Ethical Hacking Presentation 10/2011
Xavier Mertens
 

Recently uploaded (20)

PDF
Complications of Minimal Access-Surgery.pdf
Laparoscopy Hospital
 
PPTX
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
PPTX
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
PDF
medical_surgical_nursing_10th_edition_ignatavicius_TEST_BANK_pdf.pdf
victor kamau
 
PDF
International_Financial_Reporting_Standa.pdf
VrindaTayade1
 
PPTX
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
DOCX
Cambridge-Practice-Tests-for-IELTS-12.docx
ssuser0d93ff
 
PDF
Trump Administration's workforce development strategy
Mebane Rash
 
PDF
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
PPTX
B.Sc. DS Unit 2 Software Engineering.pptx
Dr. Pallawi Bulakh
 
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
PDF
Vision Prelims GS PYQ Analysis 2011-2022 www.upscpdf.com.pdf
navneetgupta711851
 
PPTX
Share_Module_2_Power_conflict_and_negotiation.pptx
Lavanyaj33
 
PPTX
Virtual and Augmented Reality in Current Scenario
Shruti Dalela
 
PDF
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
PPTX
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
PDF
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
PDF
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
David L Page
 
PPTX
TNA_Presentation-1-Final(SAVE)) (1).pptx
RomnickTanilon
 
PDF
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
Complications of Minimal Access-Surgery.pdf
Laparoscopy Hospital
 
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
medical_surgical_nursing_10th_edition_ignatavicius_TEST_BANK_pdf.pdf
victor kamau
 
International_Financial_Reporting_Standa.pdf
VrindaTayade1
 
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
Cambridge-Practice-Tests-for-IELTS-12.docx
ssuser0d93ff
 
Trump Administration's workforce development strategy
Mebane Rash
 
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
B.Sc. DS Unit 2 Software Engineering.pptx
Dr. Pallawi Bulakh
 
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
Vision Prelims GS PYQ Analysis 2011-2022 www.upscpdf.com.pdf
navneetgupta711851
 
Share_Module_2_Power_conflict_and_negotiation.pptx
Lavanyaj33
 
Virtual and Augmented Reality in Current Scenario
Shruti Dalela
 
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
David L Page
 
TNA_Presentation-1-Final(SAVE)) (1).pptx
RomnickTanilon
 
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 

Ethical hacking

  • 2. Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting
  • 3. What is Ethical Hacking Ethical Hacking Conforming to accepted professional standards of conduct Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
  • 4. What is Ethical Hacking It is Legal Permission is obtained from the target Part of an overall security program Identify vulnerabilities visible from Internet at particular point of time Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
  • 5. Why – Ethical Hacking Source: CERT-India January - 2005 Defacement Statistics for Indian Websites 1131 Total 13 other 2 .edu 2 .nic.in 3 .info 13 .ac.in 48 .co.in 12 .biz 39 .net 53 .org 24 .gov.in 922 .com No of Defacements Domains June 01, 2004 to Dec.31, 2004
  • 6. Why – Ethical Hacking Source: CERT/CC Total Number of Incidents Incidents
  • 7. Why – Ethical Hacking Source: US - CERT
  • 8. Why – Ethical Hacking Protection from possible External Attacks Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data
  • 9. Ethical Hacking - Process Preparation Footprinting Enumeration & Fingerprinting Identification of Vulnerabilities Attack – Exploit the Vulnerabilities
  • 10. Preparation Identification of Targets – company websites, mail servers, extranets, etc. Signing of Contract Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing
  • 11. Footprinting Collecting as much information about the target DNS Servers IP Ranges Administrative Contacts Problems revealed by administrators Information Sources Search engines Forums Databases – whois, ripe, arin, apnic Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
  • 12. Enumeration & Fingerprinting Specific targets determined Identification of Services / open ports Operating System Enumeration Methods Banner grabbing Responses to various protocol (ICMP &TCP) commands Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
  • 13. Identification of Vulnerabilities Vulnerabilities Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating systems, applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control
  • 14. Identification of Vulnerabilities Methods Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic Insecure Programming – SQL Injection, Listening to Traffic Weak Access Control – Using the Application Logic, SQL Injection
  • 15. Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites Common Vulnerabilities & Exposures – http://cve.mitre.org Bugtraq – www.securityfocus.com Other Vendor Websites
  • 16. Attack – Exploit the vulnerabilities Obtain as much information (trophies) from the Target Asset Gaining Normal Access Escalation of privileges Obtaining access to other connected systems Last Ditch Effort – Denial of Service
  • 17. Attack – Exploit the vulnerabilities Network Infrastructure Attacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security
  • 18. Attack – Exploit the vulnerabilities Application Specific Attacks Exploiting implementations of HTTP, SMTP protocols Gaining access to application Databases SQL Injection Spamming
  • 19. Attack – Exploit the vulnerabilities Exploits Free exploits from Hacker Websites Customised free exploits Internally Developed Tools – Nessus, Metasploit Framework,
  • 20. Reporting Methodology Exploited Conditions & Vulnerabilities that could not be exploited Proof for Exploits - Trophies Practical Security solutions
  • 21. Ethical Hacking - Commandments Working Ethically Trustworthiness Misuse for personal gain Respecting Privacy Not Crashing the Systems

Editor's Notes

  • #4: Red teaming – used for the first time by US government for testing its systems early 90’s Black & white hat terminology comes from the Hollywood movies where good guys wear white hats and bad guys wear black hats
  • #6: Other information not available